Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oq1enFlGqDG331VMTOk8QJtscFU.roa
File:                     oq1enFlGqDG331VMTOk8QJtscFU.roa (raw, json)
Hash identifier:          c+I6wkAFtKseTQs9YjdwY9lnvTwMkO5iJarfZxok/cs=
Subject key identifier:   A2:AD:5E:9C:59:46:A8:31:B7:DF:55:4C:4C:E9:3C:40:9B:6C:70:55
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01979D5502D8F397B41C3AEBF667FC8BF09C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oq1enFlGqDG331VMTOk8QJtscFU.roa
Signing time:             Mon 23 Jun 2025 15:08:03 +0000
ROA not before:           Mon 23 Jun 2025 15:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     269934
IP address blocks:        185.242.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 19:28:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:55:02:d8:f3:97:b4:1c:3a:eb:f6:67:fc:8b:f0:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 23 15:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2ad5e9c5946a831b7df554c4ce93c409b6c7055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:86:64:4f:ac:2c:b2:83:9a:e9:24:e8:09:90:
                    ce:2d:41:ab:93:56:b1:46:be:90:68:66:0c:f4:28:
                    6f:b4:7a:65:79:e2:5e:90:dc:f1:1d:26:66:76:1e:
                    8d:f5:60:ed:9e:54:d1:4c:4b:df:95:46:36:76:3a:
                    01:4f:74:4e:3e:c6:74:c4:e6:6c:89:97:70:59:4b:
                    3b:56:74:a4:3f:eb:6c:2f:26:a0:50:ca:62:e8:87:
                    0f:b4:7f:9f:50:40:11:d9:7c:b7:5a:ca:29:1d:ca:
                    18:b6:f3:13:64:e2:67:9f:f5:a8:c1:cf:3c:97:da:
                    98:32:3a:87:18:48:ce:86:af:bb:45:7e:78:c5:40:
                    80:d8:d6:ef:3c:53:b2:b9:29:fe:1c:cd:0b:44:76:
                    a2:00:71:49:ba:7f:e5:43:9d:9a:54:1d:1d:d8:c5:
                    68:ce:64:9a:0b:4e:8b:e4:dd:46:37:40:c5:7a:7e:
                    88:7c:4f:57:2d:4f:ff:1b:65:d3:ae:64:06:cc:ad:
                    56:91:58:13:b2:e2:4d:64:fb:3f:ed:49:98:19:4d:
                    a5:de:0a:9b:05:a9:67:5d:52:80:f8:41:28:43:52:
                    37:70:5f:e4:47:ce:5c:bf:62:4b:0c:69:cf:7b:b3:
                    fd:76:0b:82:af:31:68:d3:6b:ae:83:58:47:fb:6e:
                    fc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AD:5E:9C:59:46:A8:31:B7:DF:55:4C:4C:E9:3C:40:9B:6C:70:55
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oq1enFlGqDG331VMTOk8QJtscFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:22:5c:53:b5:d0:2b:f6:3f:4f:5a:34:89:5d:c1:8e:52:6e:
         e5:12:ec:e9:07:56:04:c4:12:b0:c4:51:93:7f:81:3d:45:65:
         b8:c9:72:a7:db:34:ab:5f:b6:8c:2f:33:55:03:6b:b6:fc:67:
         bb:08:15:36:81:79:a4:36:14:76:c2:7b:2b:70:60:90:d3:05:
         b5:0a:58:d6:0b:00:10:9b:f8:53:48:e0:70:7b:79:4b:a2:3b:
         9c:5c:62:51:88:c8:6e:b6:c0:79:25:84:f8:c8:e9:8e:2b:2d:
         b0:76:d2:a8:04:7b:a8:46:71:66:4f:14:e5:25:10:10:dd:9b:
         d4:46:44:98:a0:4e:72:fc:58:d4:8c:ac:cb:fb:6b:70:5d:41:
         44:4e:b9:6b:49:9b:ba:09:fb:3b:c1:96:b4:16:66:1c:17:f3:
         32:9a:31:74:c1:44:f7:fc:22:88:4e:ab:d3:cd:d3:ce:e2:bd:
         51:35:43:ea:16:fa:f9:cf:fe:5c:b6:23:c6:16:37:3e:ac:ae:
         cb:c7:ca:f4:1e:ab:a3:0a:08:8b:8b:d7:8d:16:89:64:73:80:
         86:3f:99:0c:08:c9:25:9e:b5:63:fc:11:02:5f:b0:e4:2e:21:
         9a:ca:85:e9:f4:16:c2:38:7e:c2:8a:96:bd:fe:cd:1f:23:a3:
         e9:8b:62:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZedVQLY85e0HDrr9mf8i/CcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjIzMTUwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmFkNWU5YzU5NDZhODMxYjdkZjU1NGM0Y2U5M2M0MDliNmM3MDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIZkT6wssoOa6SToCZDOLUGrk1ax
Rr6QaGYM9ChvtHpleeJekNzxHSZmdh6N9WDtnlTRTEvflUY2djoBT3ROPsZ0xOZs
iZdwWUs7VnSkP+tsLyagUMpi6IcPtH+fUEAR2Xy3WsopHcoYtvMTZOJnn/Wowc88
l9qYMjqHGEjOhq+7RX54xUCA2NbvPFOyuSn+HM0LRHaiAHFJun/lQ52aVB0d2MVo
zmSaC06L5N1GN0DFen6IfE9XLU//G2XTrmQGzK1WkVgTsuJNZPs/7UmYGU2l3gqb
BalnXVKA+EEoQ1I3cF/kR85cv2JLDGnPe7P9dguCrzFo02uug1hH+278mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKtXpxZRqgxt99VTEzpPECbbHBVMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvb3ExZW5GbEdxREczMzFWTVRPazhRSnRzY0ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufL2MA0G
CSqGSIb3DQEBCwUAA4IBAQB6IlxTtdAr9j9PWjSJXcGOUm7lEuzpB1YExBKwxFGT
f4E9RWW4yXKn2zSrX7aMLzNVA2u2/Ge7CBU2gXmkNhR2wnsrcGCQ0wW1CljWCwAQ
m/hTSOBwe3lLojucXGJRiMhutsB5JYT4yOmOKy2wdtKoBHuoRnFmTxTlJRAQ3ZvU
RkSYoE5y/FjUjKzL+2twXUFETrlrSZu6Cfs7wZa0FmYcF/MymjF0wUT3/CKITqvT
zdPO4r1RNUPqFvr5z/5ctiPGFjc+rK7Lx8r0HqujCgiLi9eNFolkc4CGP5kMCMkl
nrVj/BECX7DkLiGayoXp9BbCOH7Cipa9/s0fI6Ppi2JP
-----END CERTIFICATE-----